HTTPS Wars

The Certificate Authority system was designed in a different era, and many problems are emerging as the system fails to scale and adapt to modern challenges. As you know, the modern internet is vulnerable to many threats. This talk will include a brief survey of the problems with certificate authorities and the ways the system has failed to adapt to the modern era. It will look at the major strategies to improve the system, such as certificate pinning, and at why every website should use HTTPS by default today.

David will look in detail at the EFF’s Let’s Encrypt program, which has the goal of making HTTPS so free and easy that everyone will do it, and at how it could improve HTTPS security in quantity and quality. Finally, we look at future options such as DANE that might allow us to bypass Certificate Authorities entirely for routine enquiries.

This session is designed for people with at least a basic understanding of web security.